红队框架
攻击技战法
-
[list]云上攻击技战法 https://hackingthe.cloud/ -
[doc]红队技术实战 https://ired.team/ -
[paper]软件供应链攻击矩阵 https://pbom.dev/ https://pbom.dev/#overview -
[book]HackTricks https://book.hacktricks.xyz/welcome/readme
威胁情报 Threat Intelligence
红队框架/工具集 Redteam Framework
-
[tool]Utilities for MITRE™ ATT&CK https://github.com/nshalabi/ATTACK-Tools -
[tool]好用的渗透工具列表 https://github.com/enaqx/awesome-pentest -
[book]KALI渗透 https://jobrest.gitbooks.io/kali-linux-cn/content/ -
[paper]ATT&CK 发布了七款安全产品的评估 https://medium.com/mitre-attack/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d -
[doc]红队技术实战 https://ired.team/ -
[cheatsheet]红队手册 https://github.com/mantvydasb/Offensive-Security-OSCP-Cheatsheets/ -
[tool]渗透、红队工具集 https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE -
[tool]红队资源集合 https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/ -
[tool]APT实战资源 https://osint-labs.org/apt/ -
[cheatsheet]Windows 渗透 https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html -
[blog]红队笔记 https://idiotc4t.com/
MITRE ATT&CK Matrix
-
Caldera https://github.com/mitre/caldera https://caldera.readthedocs.io/en/latest/index.html
-
Atomic Red Team https://github.com/redcanaryco/atomic-red-team https://atomicredteam.io
-
DumpsterFire https://github.com/TryCatchHCF/DumpsterFire
-
Metta https://github.com/uber-common/metta https://github.com/uber-common/metta/wiki
业内红队 Industry
攻击杀伤链
信息搜集 Reconnaissance
OSINT 在线工具
[tools]攻击面测绘 https://0.zone[tools]HW、SRC信息搜集 https://github.com/wgpsec/ENScan_GO[tools]邮箱搜集 https://mp.weixin.qq.com/s/ePXQuMzOtQUWPWFncR8eNQ[tool]公司组织架构人员 https://theorg.com/[tool]信息搜集和渗透工具集 https://github.com/projectdiscovery/[tool]Bugbounty资产搜集检索 https://chaos.projectdiscovery.io[tool]企业邮箱搜索工具 http://www.skymem.info/[tool]子域名和DNS历史记录Dnstrails https://securitytrails.com/dns-trails[tool]全网证书搜索 http://crt.sh[tool]多种域名/IP信息工具 https://viewdns.info/[tool]ICP备案查询 https://www.beianx.cn/[tool]Pentest Tools https://pentest-tools.com[tool]全网资产搜索 Shodan https://www.shodan.io/[tool]全网资产搜索 Censys https://censys.io[tool]全网资产搜索 Fofa https://fofa.so/[tool]全网资产搜索 Zoomeye https://www.zoomeye.org/[tool]空间测绘数据泄露Leak https://leakix.net/[tool]DNS查询 https://dnsdumpster.com/[tool]文件在线监测 VirusTotal https://www.virustotal.com/[tool]DNS查询 http://www.dnsgoodies.com/[tool]Google ASE aka Google Dorking (Most effective in some cases)[tool]Spiderfoot (Currently Free, just request for a Spiderfoot instance)[tool]Binaryedge (Paid/Rate-Limited)[tool]onyphe.io (Free mostly)[tool]Github用户历史记录API https://api.github.com/users/{username}/events[tool]Telegram群搜索 https://en.tgchannels.org/categories[tool]根据用户名搜集互联网账号信息 https://github.com/soxoj/maigret[data]各类数据源的 Top Domains https://github.com/PeterDaveHello/top-1m-domains[tool]子域名搜索 https://shrewdeye.app/search/
空间测绘
[tool]FOFA https://fofa.info[tool]leakix https://leakix.net/[tool]鹰图 https://hunter.qianxin.com/[tool]360夸克 https://quake.360.net/quake/#/index
密钥搜集,正则规则,云AKSK等
[tool]GitLeaks https://github.com/gitleaks/gitleaks
信息搜集工具
[tool]BigBountyRecon https://github.com/Viralmaniar/BigBountyRecon[tool]子域名和资产发现 https://github.com/OWASP/Amass[tool]子域名搜集 https://github.com/projectdiscovery/subfinder[tool]子域名搜集 https://github.com/Findomain/Findomain
指纹识别
[tool]WAF识别 https://github.com/stamparm/identYwaf[tool]CDN识别 https://github.com/projectdiscovery/cdncheck
入口突破 Entry
钓鱼 Phishing
-
[cases]利用谷歌开放平台OAuth授权,伪装成Google Doc使用GMail传播钓鱼 https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/ -
[blog]Office在线视频钓鱼 https://blog.cymulate.com/abusing-microsoft-office-online-video -
[tool]邮件钓鱼工具 https://www.mailsploit.com/index -
[trick]利用DOCX文档远程模板注入执行宏https://xz.aliyun.com/t/2496 -
[trick]浏览器窗口伪造 https://github.com/openworldoperations/FISHY -
[trick]鼠标光标伪造 https://jameshfisher.github.io/cursory-hack/ -
[tool]社交网站钓鱼伪造 https://github.com/richardsonjf/shellphish
硬件交互设备 HID Attack
-
[paper]打印机利用 http://archive.hack.lu/2010/Costin-HackingPrintersForFunAndProfit-slides.pdf -
[tool]BadUSB https://mp.weixin.qq.com/s/mIcRNcf5HmZ4axe8N92S7Q
无线入侵 Wireless Attack
[tool]无需四次握手包破解WPA&WPA2密码 http://www.freebuf.com/articles/wireless/179953.html
服务器带外管理BMC、IPMI
供应链攻击
-
[blog]针对目标企业开源项目的针对性软件供应链攻击 https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 -
[blog]利用AI输出的错误信息进行抢注投毒 https://mp.weixin.qq.com/s/M7M4gPdSf3YMx0t96FoL6A
爆破
[tool]目录、文件、DNS、Vhost爆破 https://github.com/OJ/gobuster[tool]Web Fuzzer https://github.com/ffuf/ffuf
Exploitation
-
[tool]PE文件转为Shellcode / https://github.com/hasherezade/pe_to_shellcode -
[blog]Java Runtime.exec(String)执行任意命令 https://www.anquanke.com/post/id/159554https://mp.weixin.qq.com/s/pzpc44-xH932M4eCJ8LxYghttp://jackson.thuraisamy.me/runtime-exec-payloads.html -
[paper]利用 Java JDBC 驱动利用反序列化漏洞 https://xz.aliyun.com/t/7067 -
[blog]关于Jackson的CVEs https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 -
[paper]FastJson漏洞历史 https://github.com/miaochiahao/slides/tree/master/fastjson -
[tool]一键日Jira https://github.com/0x48piraj/Jiraffe -
[tool]很全的JNDI内存马利用工具 https://github.com/feihong-cs/JNDIExploit -
[tool]PHP LFI to RCE https://github.com/synacktiv/php_filter_chain_generator
权限提升 Privilege Escalation
-
[tools]使用Qemu快速搭建Linux内核提权测试环境 https://github.com/bsauce/kernel-exploit-factory -
[cheatsheet]Windows提权笔记 https://xz.aliyun.com/t/2519 -
[cheatsheet]Windows提权小抄 https://guif.re/windowseop -
[cheatsheet]Windows本地提权技巧 http://payloads.online/archivers/2018-10-08/1 -
[cheatsheet]Linux提权小抄 https://guif.re/linuxeop -
[exploit]Windows-Exploit-Suggester https://github.com/GDSSecurity/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py -
[exploit]Linux-Exploit-Suggester https://github.com/PenturaLabs/Linux_Exploit_Suggester/ -
[exploit]Windows Exploits https://github.com/abatchy17/WindowsExploits -
[exploit]Windows Sherlock本地提权漏洞检查 https://github.com/rasta-mouse/Sherlock -
[cheatsheet]Linux sudo滥用提权 http://touhidshaikh.com/blog/?p=790 -
[blog]深入解读MS14-068漏洞:微软精心策划的后门?http://www.freebuf.com/vuls/56081.html -
[paper]Windows特权提升 https://www.exploit-db.com/docs/english/46131-windows-privilege-escalations.pdf -
[tool]juicy-potato本地提权 https://github.com/ohpe/juicy-potato https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/ -
[exploit]hh.exe提权 https://twitter.com/FlatL1ne/status/1194208167976165376 -
[tool]Linux本地信息搜集 https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh -
[tool]Linux进程监控 https://github.com/DominicBreuker/pspy -
[cheatsheet]Linux Privilege Escalation https://book.hacktricks.xyz/linux-unix/privilege-escalation -
[tools]本地提权检查工具 Linux/Win/Mac https://github.com/carlospolop/PEASS-ng
持久化后门 Persistent
-
[tool]Gray Dragon .NET应用Runtime注入工具 / https://www.digitalbodyguard.com/graydragon.html -
[trick]利用环境变量,在任意.Net应用DLL注入 / https://mobile.twitter.com/subTee/status/864903111952875521 https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/bb384689(v=vs.100) -
[tool]PHP-FPM无文件后门Webshell https://www.anquanke.com/post/id/163197 -
[tool]利用PrintDialog持久化+执行命令 http://www.hexacorn.com/blog/2018/08/11/printdialog-exe-yet-another-lolbin-for-loading-dlls/ -
[tool]SystemSettings http://www.hexacorn.com/blog/2018/08/12/systemsettings-exe-yet-another-lolbin-for-loading-dlls/ -
[tool]二进制加密Webshell https://xz.aliyun.com/t/2744https://github.com/rebeyond/Behinder -
[cheatsheet]Linux权限维持 https://xz.aliyun.com/t/7338 -
[tool]Linux eBPF backdoor https://github.com/kris-nova/boopkit -
[tool]5行代码编译 PAM 后门 https://infosecwriteups.com/creating-a-backdoor-in-pam-in-5-line-of-code-e23e99579cd9
Post Exploitation
Windows
-
无Powershell.exe的Powershell工具 / https://github.com/Ben0xA/nps
-
全阶段的Powershell渗透测试脚本 / https://github.com/samratashok/nishang
-
命令执行 Living off the Land https://github.com/api0cradle/LOLBAS
-
C# 后渗透测试库 SharpSploit 介绍 https://posts.specterops.io/introducing-sharpsploit-a-c-post-exploitation-library-5c7be5f16c51
-
[blog]Windows执行命令和下载文件总结 https://www.cnblogs.com/17bdw/p/8550189.html -
[trick]使用Rundll32运行.Net程序 https://blog.xpnsec.com/rundll32-your-dotnet/ -
[tool].NET DllExport https://github.com/3F/DllExport
Linux
- 纯Bash实现的后渗透工具 / https://github.com/TheSecondSun/Bashark/
凭据窃取 Credentials
-
[tool]SafetyKatz https://github.com/GhostPack/SafetyKatz -
[tool]Shellcode Dump LSASS https://osandamalith.com/2019/05/11/shellcode-to-dump-the-lsass-process/ -
[tool]内网密码搜集和解密工具 https://github.com/klionsec/Decryption-tool -
[tool]浏览器窃取 https://github.com/QAX-A-Team/BrowserGhost -
[tool]浏览器凭据 https://github.com/moonD4rk/HackBrowserData
横向移动 Letaral Movement
-
[tool]端口扫描 wrriten in GO https://github.com/ffuf/ffuf/tree/master -
[tool]域信息搜集,域管理员的六度空间 https://github.com/BloodHoundAD/SharpHound -
[tool]域安全检查 https://github.com/vletoux/pingcastle -
[usage]NMap空闲隐蔽扫描 https://nmap.org/book/idlescan.html -
[blog]使用meterpreter进行NTLM中继攻击 https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445/ -
[tool]Responder NetBIOS名称欺骗和LLMNR欺骗 https://github.com/SpiderLabs/Responder -
[tool]NTLM Relay 攻击 Exchange Web Services https://github.com/Arno0x/NtlmRelayToEWS -
[tool]SMB中间人劫持 https://github.com/quickbreach/SMBetray -
[tool]代理隧道 https://github.com/txthinking/brook -
[tool]代理隧道 https://github.com/Dliv3/Venom
绕过检测 Defense Evasion - 绕过EDR
-
[blog]打断进程链,绕过命令执行检测,Windows https://mp.weixin.qq.com/s/_7axOxE4xp-A9RRddu2A_Q -
[blog]构造可信进程链,绕过杀软,维持权限,Windows https://www.ctfiot.com/91461.html
绕过检测 Defense Evasion
-
[book]效果不错的免杀,使用C#绕过杀毒软件 -
[tool]生成免杀的Metasploit Payload / https://github.com/Veil-Framework/Veil -
[code]自定义Meterpreter加载 / http://www.freebuf.com/articles/system/53818.html -
[blog]九种姿势执行Mimikaz -
[blog]使用.Net可执行程序进行渗透 -
[blog]ATT&CK 攻击矩阵 躲避防御 -
[blog]绕过下一代杀软 -
[blog]Windows NTFS特殊文件夹绕过检测 -
[paper]Winnti Bootkit http://williamshowalter.com/a-universal-windows-bootkit/ -
[paper]UEFI Rootkit https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ -
[twitter]Linux Bash 混淆 https://twitter.com/DissectMalware/status/1025580967384305664 -
[tool]免杀工具 AVEThttps://github.com/govolution/avet -
[blog]绕过CrowdStrike检测 https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802 -
[blog]10 种绕过杀毒软件的方式 https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/ -
[tool]DLL Side Loding Attack Gen https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator -
[tool]BypassAV ShellCode Loader https://github.com/k8gege/scrun -
[blog]Protecting Your Malware with blockdlls and ACG 利用微软自身提供的安全机制来反EDR https://blog.xpnsec.com/protecting-your-malware/ -
[blog]Detecting Parent PID Spoofing https://blog.f-secure.com/detecting-parent-pid-spoofing/ -
[tips]对抗EDR的三个重要特征: 1. Process Relationship / 2. Suspicious Network / 3. Command Line. -
[blog]Antivirus Evasion with Python https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1 -
[tool]JS免杀Shellcode https://github.com/Hzllaga/JsLoader -
[tool]利用杀毒软件销毁自身 https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/ -
[tool]免杀合集 https://github.com/TideSec/BypassAntiVirus -
[tool]Apache/Nginx端口转发,隐藏TeamServer https://github.com/threatexpress/cs2modrewrite -
[tool]《使用C#编写自定义后门负载》学习笔记及免杀尝试 https://xz.aliyun.com/t/6222 -
[tool]杀软进程名检查 https://github.com/gh0stkey/avList/ -
[blog]Windows免杀新技术 Process Herpaderping https://jxy-s.github.io/herpaderping/ -
[blog]Domain Borrowing: 一种基于CDN的新型隐蔽通信方法 https://xlab.tencent.com/cn/2021/05/14/domain-borrowing/ -
[tool]通过各种隐蔽的执行方式绕过EDR,生成免杀exe https://github.com/optiv/Freeze https://github.com/optiv/Freeze.rs -
[tool]LD_PRELOAD 隐藏进程 https://github.com/gianlucaborello/libprocesshider
绕过检测 Defense Evasion - 欺骗伪造
[tool]TOA 四层负载均衡 IP 伪造 https://mp.weixin.qq.com/s/B4y3JV6_Jb0ew9u1vVGE4g
C&C
-
[tool]ICMP后门 https://github.com/inquisb/icmpsh -
[tool]Windows远控 in C# https://github.com/quasar/QuasarRAT -
[tool]Defcon后渗透工具,大宝剑 https://github.com/zerosum0x0/koadic -
[tool]Custom Command and Control https://labs.mwrinfosecurity.com/tools/c3 -
[paper]CobaltStrike教程文档 https://wbglil.gitbooks.io/cobalt-strike/ -
[blog]PowerGhost挖矿病毒分析 https://www.freebuf.com/articles/system/219715.html -
[tool]隐藏网络连接的后门 https://github.com/BeetleChunks/redsails -
[tool]Powershell反连后门 https://github.com/ZHacker13/ReverseTCPShell -
[tool]JS VBS Payload生成器 https://github.com/mdsecactivebreach/CACTUSTORCH -
[tool]基于Golang的C2,DeimosC2 https://github.com/DeimosC2/DeimosC2 -
[tool]基于Golang的反弹Shell管理程序 https://github.com/WangYihang/Platypus -
[tool]基于.Net框架的开源C2,https://github.com/cobbr/Covenant -
[tool]基于Rust的开源C2 Link,支持 Windows、Linux、MacOS https://github.com/postrequest/link -
[tool]C语言编写的小巧精悍后门 https://github.com/MarioVilas/thetick -
[tool]C2 Silver https://github.com/BishopFox/sliver
数据外传 Data Exfiltration
-
[blog]数据外传技术 https://www.pentestpartners.com/security-blog/data-exfiltration-techniques/ -
[blog]数据外传技术 https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration
辅助工具 Misc
-
[forum]Hack the box https://www.hackthebox.eu/ -
[tool]代码生成手绘图 https://www.websequencediagrams.com/ -
[tool]本地代码生成ascii文本绘图 graph::easy -
[tricks]技巧汇总 https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet#lbwh-anchor -
[tool]隐写,利用 unicode 变体定位符进行隐写 https://emoji-encoder.vercel.app/?mode=encode https://github.com/paulgb/emoji-encoder
匿名邮箱和短信接收平台
反溯源
- 代理池 https://github.com/akkuman/rotateproxy
中间人 MITM
-
[tool]钓鱼反向代理中间人工具 https://github.com/hash3liZer/evilginx2 -
[tool]TLS/SSL 明文审计 https://mp.weixin.qq.com/s/k9K8u2ihsc89-IWaKuQ-ww
安卓安全 Android
[paper]Frida操作手册 https://github.com/hookmaster/frida-all-in-one
逆向分析 Reverse
-
[tool]NSA发布逆向分析框架Ghidra https://www.nsa.gov/resources/everyone/ghidra/ -
[tool]Modern Java Bytecode Editor https://github.com/Col-E/Recaf
字典 Wordlist
- 常见服务的暴力破解 https://github.com/lanjelot/patator
- 看起来很强的弱密码 https://github.com/r35tart/RW_Password
- 超全Payload https://github.com/swisskyrepo/PayloadsAllTheThings
- 社工字典生成工具 https://github.com/Saferman/cupper
渗透辅助 & OOB工具
[tool]nuclei 的 dnslog https://github.com/projectdiscovery/interactsh[tool]lijiejie 基于 bugscan dnslog 二开的 dnslog https://github.com/lijiejie/eyes.sh[tool]在线 dnslog/httplog https://byte.vet/
自动化扫描 & 巡检
[tool]分布式扫描器WDScanner https://www.freebuf.com/sectool/203772.html[tool]灯塔资产巡检 https://github.com/TophantTechnology/ARL
云安全 & 云原生
[wiki]面向云安全方向的知识文库 https://github.com/teamssix/twiki[book]K8S指南 https://feisky.gitbooks.io/kubernetes/introduction/101.html[list]云上攻击技战法 https://hackingthe.cloud/[tool]AKSK资源遍历工具 https://github.com/wyzxxz/aksk_tool[paper]云安全知识库 https://cloudsec.huoxian.cn/docs/articles[paper]云安全知识库 https://wiki.teamssix.com/
软件包/组件/依赖安全
[tool]开源漏洞库,组件安全,依赖安全 https://security.snyk.io/[tool]组件依赖安全检测 https://github.com/jeremylong/DependencyCheck
白盒扫描/代码审计
- SonarQube
- Semgrep.dev
Web安全
[collections]Web安全项目合集 https://github.com/qazbnm456/awesome-web-security[tool]Web扫描通用辅助函数集 https://wsltools.readthedocs.io/en/latest/[tool]Web爬虫,基于Chrome Headless https://github.com/chaitin/rad[tool]Burpsuite插件,敏感信息识别和提取 https://github.com/gh0stkey/HaE[tool]MLoger - HTTP(S)/TCP/WS 抓包测试工具 https://github.com/momosecurity/Mloger[tool]Web扫描器 nuclei,支持POC扫描 https://github.com/projectdiscovery/nuclei[tool]XRay[tool]AWVS[tool]YAWF https://github.com/phplaber/yawf
Burpsuite插件
[tool]被动敏感信息搜集 BurpAPIFinder https://github.com/shuanx/BurpAPIFinder
XXE
-
[tool]XXE盲打外传工具 https://github.com/TheTwitchy/xxer -
[tool]攻击Java RMI https://github.com/NickstaDB/BaRMIe
XSS
[tool]跨站 XSS Cheat Sheet https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
Java安全
[book]Java安全 https://github.com/anbai-inc/javaweb-sec[tool]优化版本yso https://github.com/zema1/ysoserial
前端黑魔法
paper反爬虫JS破解与混淆还原手册 https://github.com/LoseNine/Restore-JS
Defense
入侵检测 Detection
-
[blog]针对微软活动目录(AD)的七大高级攻击技术及相应检测方法 https://www.anquanke.com/post/id/161815 -
[blog]攻防对抗:活动目录中的欺骗技术 https://www.anquanke.com/post/id/162210 -
[tool]Webshell查杀 http://www.shellpub.com/ -
[paper]eBPF进程阻断 https://www.cnxct.com/linux-kernel-hotfix-with-ebpf-lsm/ -
[paper]Tetragon进程阻断原理 https://www.cnxct.com/how-tetragon-preventing-attacks/ -
[tool]基于eBPF的主机检测系统 eHIDS https://github.com/ehids/ehids-agent
应急响应
[tool]DEye https://github.com/m-sec-org/d-eyes
溯源反制
[tool]利用JetBrains来进行RCE反制 https://github.com/CC11001100/idea-project-fish-exploit[tool]ASN 查询 https://tools.ipip.net/as.php[tool]ASN 查询 https://www.peeringdb.com/asn/132203[paper]反制汇总 https://github.com/Getshell/Fanzhi[paper]git svn 反制 https://drivertom.blogspot.com/2021/08/git.html
主机加固
[blog]隐藏其他用户的进程信息 https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/
主机基线
[tool]主机基线检查 https://github.com/tangjie1/-Baseline-check
法律法规 Laws
-
美国信息泄露通知法 https://en.wikipedia.org/wiki/Security_breach_notification_laws
-
美国信息泄露通知法 https://en.wikipedia.org/wiki/California_S.B._1386
AI应用/ AI安全
-
[tool]Quora POE https://poe.com/ -
[tool]总结PDF https://www.chatpdf.com/ -
[tool]短信接码 https://sms-activate.org/getNumber -
[tool]LLM Attack https://github.com/llm-attacks/llm-attacks -
[tool]Nightshade投毒图片,干扰图片类模型训练 https://www.qbitai.com/2023/10/92241.html -
[tool]Glaze,帮助艺术家抵抗生成式AI https://glaze.cs.uchicago.edu/ -
[tool]GPT安全工具集 https://www.gptsecurity.info/security-tools
AI资源
[tool]开源AI中文语料库(由猫扑大杂烩里屋论坛成员为爱发电) https://mnbvc.253874.net/